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REMARKS 

Please reconsider this application in view of the following remarks. Applicants thank 
the Examiner for carefully considering the application. 

Disposition of Claims 

Claims 1-3, 8, 11-15, 17-19, 22, and 23 are pending in the application. Claims 1, 8, 
and 12 are independent. The remaining claims depend, directly or indirectly, from claims 1, 
8, and 12. 

Drawings 

Applicants respectfully request that the Examiner indicate in the next action whether 
the drawings filed on July 25, 2003, as amended in the Response to Office Action filed on 
March 12, 2007, are accepted. 

Rejection(s) under 35 U.S.C. § 103 

Claims 1-3, 8, 11-15, 17-19, 22, and 23 stand rejected under 35 U.S.C. § 103(a) as 
being unpatentable over U.S. Patent Pub. No. 2004/0003251 (hereinafter "Narin") in view of 
U.S. Patent Pub. No. 2001/0027440 (hereinafter "Tanaka"). This rejection is respectfully 
traversed. 
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Claims 1. 2. 3. 12-15. 17-19. 22 and 23 

Independent claim 1 recites, in part, 

receiving a first certificate of a first server by a 
second server; 

storing said first certificate of said first server in a 
first trusted partner list accessible by said 
second server; 

receiving a second certificate of said second server by 

said first server; and 
storing said second certificate of said second server in 

a second trusted partner list accessible by said 

first server, 

wherein access by a client to a resource associated with 
said first server is controlled as a function of 
said first trusted partner list. 

Claim 1 requires, in part, that two servers exchange certificates for storage into their 

respective trusted partner lists, where access by a client to a resource is controlled as a 

function of a trusted partner list. Applicants respectfully assert that none of the cited prior 

art teaches or suggests that aforementioned limitations for at least the following reasons: 



Narin is directed to a basic principle of operation requiring a one-way trust relationship 
between two necessarily different type of entities: a trusted entity (i.e., the identity servers) 
and a trusting entity (i.e., the DRM servers). 

Narin describes four servers: Corporation A Identity Server (1102), Corporation B 
Identity Server (1 104), Corporation A DRM Server (1 106), and Corporation B DRM Server 
(1 108). The two identity servers of Narin are responsible for issuing certificates to a client, 
whereas the two DRM servers are content servers that grant access to a client for content 
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based on certificates issued by the trusted identity servers. "Typically, company [i.e., 
corporation] A's DRM Server (1106) would be set up to trust company A's identity server 
(1 102), and company B's DRM server (1 104) would be set up to trust company B's identity 
server (1108)." See Nairn, paragraph [0094]. Accordingly, as admitted by the Examiner, 
Narin is directed to two necessarily different types of servers. See Office Action dated 
February 28, 2008 at page 2. Specifically, an identity server for issuing certificates and a 
DRM server for granting access for content based on the certificates issued by the identity 
server. 

Narin cannot be modified to teach or suggest two servers that exchange certificates for 
storage into their respective trusted partner lists, where access is granted as a function of a 
trusted partner list. 

A. A proposed modification or combination of the prior art references cannot 
change the basic principle under which the primary reference was designed to 
operate. 

If a "proposed modification or combination of the prior art would 
change the principle of operation of the prior art invention being modified, 
then the teachings of the references are not sufficient to render the claims 
prima facie obvious [under 35 U.S.C. § 103]". See MPEP § 2143.01. See 
also, In re Ratti, 270 F.2d 810, 123 USPQ 349 (CCPA 1959). Furthermore, a 
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suggested combination of references cannot change "the basic principle under 
which the [primary reference] construction was designed to operate." See id 
(citing In Re Ratti at 813). 

B. Modifying Narin by combining the trusted entity (Le., the identity servers) with 
the trusting entity (Le., the DRM servers) changes the basic principle of 
operation which requires a one way trust relationship between the two 
necessarily different servers. 

The Examiner, relying on a combination of servers taught in Tanaka, 
proposes a modification to Narin, which involves combining the trusting entity 
and the trusted entity of Narin into a single entity. Specifically, the Examiner 
suggests combining the DRM servers and identity servers of Narin into "a 
single server configuration". See Office Action dated January 28, 2008 at 
page 3. Clearly, a combination of a trusting entity and a trusted entity into a 
single entity squarely contradicts a trust relationship which requires two 
necessarily different entities, as discussed in Narin. 

Furthermore, a combination of the Corporation A Identity Server 
(1102) with the Corporation A DRM Server (1 106) and a combination of the 
Corporation B Identity Server (1104) with the Corporation B DRM Server 
(1108) may result in Corporation A DRM server (1106) components being 
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trusted by Corporation B identity server (1104) components, which squarely 
contradicts the teachings of Narin, The teachings of Narin explicitly designate 
the identity servers as the trusted entity and DRM servers as the trusting entity. 
Accordingly, a modification which allows components from the identity server 
to trust components from the DRM server is improper. 

C. Narin cannot be modified as proposed by the Examiner to describe independent 
claim 1. 

As discussed above, a proposed modification which changes the 
principle of operation of the primary reference is improper. See MPEP 
2143.01. Modifying Narin to describe the claimed invention, requires 
changing the principle of operation of Narin. Therefore, Narin cannot be 
modified to teach the claim invention. 

Tanaka does not teach what Narin lacks 

Tanaka is directed to an electronic credit service for checking a buyer's credit and 
ensuring payment collection for a seller where different servers may be combined into a 
single server. A thorough review of Tanaka reveals that Tanaka is completely silent with 
regards to two servers that exchange certificates for storage into their respective trusted 
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partner lists, where access by a client to a resource is controlled as a function of a trusted 
partner list. 

In view of the above, independent claim 1 is patentable over Narin in view of 
Tanaka. Independent claim 12 includes at least some similar limitations to those of claim 1 
and is allowable for at least the same reasons as claim 1. Further, claims 2, 3, 13-15, 17-19, 
22 and 23 depend directly or indirectly from claims 1 and 12, and are allowable for at least 
the same reasons. Accordingly, withdrawal of this rejection is requested. 



Claims 8&11 

Independent claim 8 recites, in part, 

initiating use of a resource associated with a relying 
server by a client, wherein an authentication 
assertion reference is provided by said client to 
said relying server, and wherein said 
authentication assertion reference is provided to 
said client by an issuing server; ... 

sending an authentication request comprising a 
certificate of said relying server to said issuing 
server;... 

sending an authentication assertion, indicating that said 
client has been authenticated, from said issuing 
server to said relying server when said certificate 
is contained in said trusted partner list of said 
issuing server. 



Emphasis added. Claim 8 recites, in part, a method of providing a circle of trust that 
involves two separate and distinct servers: a relying server and an issuing server. The 
method specifically requires the relying server to send an authentication request to the 
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issuing server that includes the certificate of the relying server, and the issuing server to send 
an authentication assertion to the relying server when the certificate of the relying server is 
in the trusted partner list of the issuing server. 

In contrast, Narin teaches a process for issuing a license in which a "DRM server 
[that] determines whether the identity certificate was issued by a[n] identity server in the 
trusted domain ([01 17])... if the identity certificate is in the trusted domain, a license is 
granted to the requestor." See Office Action dated January 28, 2008 at pages 5 and 6; see 
also, Narin at paragraph [0117] and Figure 5A. More specifically, Narin discloses that 
identity certificates are issued by identity servers. See e.g., Narin at Fig. 10. Narin further 
discloses that when a user wants a license to access content, the user sends an identity 
certificate to a DRM server to request the license. See e.g., Narin at paragraphs [0057], 
[0117] and Figure 5 A. The DRM server then detennines if the identity certificate is in its set 
of trusted certificates. See e.g., Narin at paragraphs [0063] and Figure 5A. If the identity 
certificate is in the DRM server's set of trusted certificates, the DRM server then issues the 
requested license to the user. See e.g., Narin at paragraphs [0064] and Figure 5 A. At no 
point in this license issue process does the DRM server interact with the server that issued 
the identity certificate, i.e., the identity server. Furthermore, as discussed above in the 
rejection of independent claim 1, the DRM server and the identity server of Narin cannot be 
combined into a single server as suggested by the Examiner. Accordingly, Narin cannot 
possibly be read to disclose a method in which a relying server sends an authentication 
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request to an issuing server that includes the certificate of the relying server, and the issuing 
server sends an authentication assertion to the relying server when the certificate of the 
relying server is in the trusted partner list of the issuing server as required by claim 8. 

Tanaka does not teach what Narin lacks. As discussed above, Tanaka is directed to 
an electronic credit service for checking a buyer's credit and ensuring payment collection 
for a seller. A thorough review of Tanaka reveals that Tanaka is completely silent with 
regards to a circle of trust that involves two separate and distinct servers: a relying server 
and an issuing server. 

In view of the above, independent claim 8 is patentable over Narin in view of 
Tanaka. Further, claim 1 1 depends directly from claim 8, and is allowable for at least the 
same reasons. Accordingly, withdrawal of this rejection is requested. 
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Conclusion 

Applicants believe this reply is fully responsive to all outstanding issues and places 
this application in condition for allowance. If this belief is incorrect, or other issues arise, 
the Examiner is encouraged to contact the undersigned or his associates at the telephone 
number listed below. Please apply any charges not covered, or any credits, to Deposit 
Account 50-0591 (Reference Number 03226/503001; P8951) 
Dated: April 25, 2008 Respectfully submitted, 



B y /Robert P. Lord/ 
Robert P. Lord 
Registration No.: 46,479 
OSHA • LIANG LLP 
1221 McKinney St., Suite 2800 
Houston, Texas 77010 
(713) 228-8600 
(713) 228-8778 (Fax) 
Attorney for Applicants 
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